Speaker at HiNZ Cybersecurity in Health event 1 August 2017

1. Key considerations before you buy

2. Agenda
o Cyber crime – overview
o Understand the risk
o Cyber insurance
– What does it cover?
– Additional benefits
– Possible placements
o Understand the policy
o Decision time – Insurance?

3. Cyber crime - overview
o Cyber crime is, primarily, conducted for 4 reasons
− Obtaining confidential personal information – then often sold for
profit but can be politically motivated
− Direct financial crime – transfer of money, etc from accounts
− Botnet – utilising the infected device to conduct Distributed Denial
of Service attacks
− Political – “hacktavism”, state sponsored attacks aimed at
Governments and agencies
o Cyber crime is increasing exponentially
− Circa US$450billion arising from cyber crime in 2016
− Estimated to increase to US$2trillion by 2019

4. Understand the risk
o Treat cyber the same as any other risk the
business faces
o Identify the risks around cyber specific to the
business
o Assess the mitigating factors to those risks
o Quantify the risks
o Then, and only then, consider insurance

5. CYBER INSURANCE

6. What does it cover?
o Loss of profit
− Loss of net profit and extra
expenses incurred
o Fines and Penalties
− Imposed by regulatory bodies,
where permissible by law
o Restoration Costs
− Costs incurred in restoring,
replacing or recollecting data
o Breach Response Costs
− Costs associated with notification,
credit monitoring to the affected
individuals
o Forensic Costs
− Costs incurred in investigating
and analysing how the breach
occurred
o Public Relations costs
o Extortion
− Expenses incurred in evaluating
an extortion threat and potential
payment of the “ransom”

7. Additional benefits
o Access to a pre-agreed
panel of experts including
− Breach response
teams
− Public Relations firms
− Forensic experts
− Legal support
o Pre and post loss
assessments, at a cost
− Identification of
weaknesses
− Recommendations
− Provided through the
insurers panel of
experts

8. Possible Placements
Conventional – protects the
Insured for costs incurred
Alternative – provides access to the
experts but mitigates cost by significant
retention

9. Understand the policy
o What does the policy cover, and what does it not?
o Stress test the policy with likely scenarios
o Adapt the policy to meet your exposures
o Understand what access to experts sits behind the
policy

10. Decision Time – Insurance?
o Are your exposures mitigated adequately? Is insurance
the best solution?
o Are you and the insurer aligned to how to manage an
incident
o Ensure full disclosure – share your findings with
insurers
o Do adapt the limit and excess to meet your budget
constraint but critically your potential exposure
o Price is important, but cover is critical

11. Contact details
STEVE WALSHAM
GROUP BROKING MANAGER
DDI +64 9 357 4883 | M +64 27 403 4672
E steve.walsham@crombielockwood.co.nz